During Veeam’s internal testing, a vulnerability was discovered within the Backup Appliance component of Veeam Backup for Google Cloud that allows users to bypass authentication mechanisms.
CVSS v3 Score: 10.0
A fix has been released to resolve the discovered vulnerability in Veeam Backup for Google Cloud versions 1 and 3. For most users, no actions will be needed, as the Veeam Updater component will have automatically installed this fix during its daily check for updates1. After the fix has been installed, the Backup Appliance will be restarted automatically. For environments where the Veeam Backup for Google Cloud backup appliance does not have access to repository.veeam.com, the fix will have to be manually deployed2 or internet access configured to allow access to the update server.
Info (automatic Patching of Components):
The fix for the vulnerability discussed in this article has been automatically deployed to all Veeam Backup for Google Cloud Backup Appliances that have been configured to have access to repository.veeam.com. Most users will have no additional actions to perform beyond confirming the Veeam Updater component version.
For deployments where the Veeam Backup for Google Cloud Backup Appliance does not have network access to the Veeam Update Repository, the fix must be deployed manually.
New Veeam v12 Platform Overview: Blog Post
OpenSSL patch (v3.0.7) for Vulnerability 2022: Blog Post
Building a SOC: Blog Post
List of vendors and software affected by the OpenSSL vulnerability: Blog Post
Critical OpenSSL Vulnerability version 3.0: Blog Post
Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
VeeaMover in v12: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Why backup directly to Object Storage? Blog Post
Veeam B&R v12 New Features Overview: Blog Post
[REPLAY] Webinar Veeam v12 and Wasabi: Replay
Protect your data with Veeam and Wasabi: Blog post
Wasabi – Object Lock feature spotlight: Blog post
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] VeeamUser Group France #1: Record
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Protect your Backup against Ransomware: Blog Post.